On Thu, Mar 12, 2015 at 09:55:46AM -0400, James B. Byrne wrote: > > Why is there a release candidate in Updates? > > bind-libs.x86_64 32:9.8.2-0.30.rc1.el6_6.2 > updates Because that's the release that was used in the upstream (RHEL) package to address CVE-2014-8500. https://rhn.redhat.com/errata/RHSA-2014-1984.html -- Jonathan Billings <billings at negate.org>